On Windows machines, some malware comes from drive-by downloads. You visit a website, you get infected by a piece of script that triggers a buffer overflow that allows the malware to stealthily install.
If you keep your system fully patched, you are almost certainly not that victim. Those types of attacks are typically successful only with PC owners who haven’t installed the latest security updates. Most such exploits, in fact, target vulnerabilities that were patched years earlier.